WordPress is one of the easiest ways to create an attractive, professional-looking website in a matter of minutes, even if you have zero website building experience. It is packed full of free features such as templates, plugins (mini-programs), and widgets, which are building blocks that can create an exciting site for your visitors.
This has led cybercriminals to target WordPress sites in order to steal them from hard-working bloggers so they can start making money from them instead.
As a result, WordPress has become much more security conscious. However, it still pays to be vigilant yourself in order to protect what is essentially your valuable property.
Fortunately, there are a number of ways to make your WordPress-based site or blog more secure.
NEVER give anyone administrative privileges unless you are absolutely sure they are 100% trustworthy. Anyone with admin level privileges can lock you out of the site completely and steal it.
Don’t Use "Admin" as Your User Name
The default user name when you are first setting up WordPress is "Admin". Change it to something else hackers and their robots won’t be able to guess. Do note that it will be visible if you write any content for the site, but you can set your name and the way you wish it to appear in your personal profile area if you wish to slow down thieves even more. So for example, your user name would be websiteadmin but your name would show as John, John Smith, or J Smith depending on what you set in your profile.
Be Password Savvy
Use the auto-generated password feature in your profile area to generate long, random passwords. Keep your password in a safe place, and change it regularly.
The Settings -> General tab has a checkbox that determines whether or not you will allow users to join your site. This is an important decision, because allowing people to (for example) post comments at your site via their subscriber account could give them the chance to introduce malicious code to the site - which could damage it or help them steal it.